A ransomware virus has appeared in the wild, encrypting archives, pictures, Microsoft Office documents and other important files. The virus is dubbed FunFact and has a note.ini ransom note, which it opens after encrypting the files. In the ransom note, the cyber-criminals demand a payment of around 1.6 BitCoin within a 7-day deadline. If you have become a victim of this ransomware virus, the advice is to focus on removing it immediately and then try to restore the files that FunFact encrypted with the RSA and AES ciphers.
|Short Description||The malware encrypts users' files using a combination of the AES and RSA encryption algorithms.|
|Symptoms||The user may see a ransom note named note.ini asking to pay in BTC to an address. Files may be encrypted with the .cry file extension.|
|Detection Tool||See If Your System Has Been Affected by FunFact: Malware Removal Tool|
|User Experience||Join our forum to Discuss FunFact.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
FunFact Ransomware – How Does It Infect Users
FunFact is no different than any other ransomware virus. It could be spread via e-mail spam and the spam may contain malicious attachments which have:
- Exploit kits embedded.
- Files that are in a legitimate .doc, .docx, .xls or .pdf format, containing malicious macros.
To cause an infection, the criminals may make the spammed messages look as if they were legitimate messages sent by well-known companies or organizations.
Once the user opens the e-mail attachment and becomes infected by the malware, the virus may establish contact with multiple domains and addresses:
- 22.214.171.124:80 (to get your IP address)
After this has been done, the payload of FunFact ransomware may be downloaded. It consists of the following files:
FunFact Ransomware – Post-Infection and Encryption
Besides obtaining the IP address of the infected computer, the FunFact virus may begin to scan for various files to encrypt. Among the files encrypted by this virus may be the following file types:
The files may be encrypted with the Advanced Encryption Standard (AES), and for the encryption key an algorithm called RSA may be used. The files are reported to possibly have the .cry file extension added to them. They may appear like the following:
After encryption, the FunFact ransomware adds its distinctive note.ini ransom note and automatically opens it. The note has the following message for the victim:
Remove FunFact Ransomware and Try Restoring Your Files
In order to remove this ransomware virus completely from your computer, it is strongly recommended to follow our removal instructions posted down below. They are specifically designed to perform effective removal by either manually looking for the files or automatically taking care of them via an advanced anti-malware tool (recommended).
After you have removed FunFact ransomware from your computer, it is strongly recommended to focus on restoring your data via some of the alternative methods which we have mentioned below in step “2. Restore files encrypted by FunFact”. These methods may not work 100 percent, but they may restore some of your files, depending on the situation.
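Before attempting recovery, it helps to inventory what was affected. The script below is an added example, not part of the original article or of any tool it mentions: it walks a folder and reports the two symptoms described above, note.ini ransom notes and files carrying the .cry extension. The function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "note.ini"   # ransom note name given in the article
ENC_EXT = ".cry"         # extension the article says may be appended


def scan_for_funfact_symptoms(root):
    """Walk root and collect the symptoms the article lists.

    Returns ransom note paths, encrypted file paths and a count of the
    original extensions (the file name with .cry stripped).
    A hit is only an indicator: a file named note.ini can be benign.
    """
    notes, encrypted, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                encrypted.append(full)
                original = name[: -len(ENC_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
    return {"notes": sorted(notes), "encrypted": sorted(encrypted),
            "by_type": dict(by_type)}


def build_sample_tree(root):
    """Constructed sample data: empty files with illustrative names."""
    for rel in ("docs/report.docx.cry", "docs/budget.xls.cry",
                "docs/note.ini", "pics/photo.jpg.cry", "pics/ok.png"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_for_funfact_symptoms(tmp)
        print("ransom notes:", len(report["notes"]))
        print("encrypted files:", len(report["encrypted"]))
        for ext, count in sorted(report["by_type"].items()):
            print(f"  {ext}: {count}")
```

The per-extension counts show which kinds of files need restoring from backup and which folders to check first.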